68 matches found
CVE-2024-5719 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...
CVE-2024-23935
CVE-2024-23935 affects Alpine Halo9. The vulnerability is a stack-based buffer overflow in the DecodeUTF7 function, caused by insufficient validation of user-supplied data length before copying to a stack buffer. It enables remote code execution with root privileges and requires the attacker to p...
CVE-2024-41605
CVE-2024-41605 affects Foxit PDF Reader before 2024.3 and Foxit PDF Editor before 2024.3, and 13.x before 13.1.4. The issue is that the updater lacks integrity validation, allowing an attacker to replace an update file with a Trojan horse and execute attacker-controlled code via side loading. Thi...
CVE-2024-42787
A Stored Cross-Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=saveplaylist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "title" and "description" parameter fields...
CVE-2024-42790
CVE-2024-42790 describes a Reflected XSS in Kashipara Music Management System v1.0 affecting /music/index.php?page=test via the page parameter. The issue stems from insufficient input handling/escaping, enabling remote attackers to inject scripts and potentially run code in the victim’s context. ...
CVE-2024-38433
CVE-2024-38433 affects the Nuvoton NPCM7xx BMC subsystem that uses the BootBlock. An attacker with write access to SPI-Flash can modify the u-boot image header parsed by BootBlock, enabling an authentication bypass and potentially arbitrary code execution. The CVSS data in the connected documents ind...
Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Authenticated (Contributor+) Arbitrary File Inclusion via Shortcode
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to...
CVE-2024-3467 Deserialization of Untrusted Data in AVEVA PI Asset Framework Client
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...
CVE-2024-34461
Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator...
CVE-2024-26574
Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe...
CVE-2024-28583
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the readLine function when reading images in XPM format...
CVE-2023-48201
Sunlight CMS 8.0.1 is affected by a Cross Site Scripting (XSS) vulnerability in the Content text editor component. A remote authenticated attacker can craft a script that, when processed by the editor, may lead to arbitrary code execution and privilege escalation. The available sources consistent...
(0Day) (Pwn2Own) Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...
CVE-2022-41158
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft DirectX Graphics Kernel Elevation of Privilege (CVE-2022-37954)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Ubuntu: Security Advisory (USN-2424-1)
The remote host is missing an update for the...
Plone Sandbox Bypass
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors...
GHSA-25JH-5H5R-H33M Plone Sandbox Bypass
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors...
Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...